sysadmin/linux/howto-mysql-common-tasks.txt

-------------------------------------------------------------------
$Id: howto-mysql-common-tasks.txt,v 1.1 2002/02/14 00:21:11 cvsjoko Exp $

$Log: howto-mysql-common-tasks.txt,v $
Revision 1.1  2002/02/14 00:21:11  cvsjoko
+ new

-------------------------------------------------------------------


=========================================================
    establish basic safety privileges
=========================================================

- we assume a running mysql-daemon, 
   else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
- run mysql-client: [root@host]# mysql (you should be logged in as "root")
- select database: mysql> use mysql;

- deny access for user "root" from the outer space (not localhost)
  mysql> delete from user where user='root' and host='%';
  mysql> flush privileges;
- assure everything is all right and you will be able to re-login again later ;)
  mysql> select * from user;
  --> there should be (as a minimum) an entry like ...
  --- snip ---
  | localhost | root |          | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          |
  --- snip ---
  ... which gives access-rights for user "root" at localhost with no password
- test for safety
  mysql> select * from user;
  --> there should be no other "root"-entry in the "user"-table then the one established above
  
  
=========================================================
    add new databases and grant access to them for new mysql-user-accounts
=========================================================

- we assume a running mysql-daemon, 
   else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
- run mysql-client: [root@host]# mysql (you should be logged in as "root")

- create database
  mysql> create database <databasename>;
  
- add new user
  mysql> use mysql;
  mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));

- grant access for local usage (e.g. from php- or cgi-scripts)
  mysql> use mysql;
  mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');

- apply changes to privileges
  mysql> flush privileges;

- test access to new database
  - logout from mysql in "root"-mode
  - login to mysql-daemon as newly created user using the new database
    mysql> mysql -u<username> -p<password> <databasename>
        or leave "<password>" empty for supplying the password invisible  ;)
  - this should work!
  
- TODO:
  - there should be a (perl-)script (perhaps there is already one coming with mysql) 
     to pass "databasename", "username" and "password" to, 
     which should execute the tasks described above non-interactively  ;)
     - note: use regression-checks
       - don't re-create database
       - if user already exists, just modify password!!!
       - don't accept empty arguments!
     - note: integrate into the gsn-framework (on the long term)
       - user "service" should be able to access the mysqld-daemon with root-privileges from a remote location
         in order to be able to absolve all requests seamlessly without any user interaction
         
    
=========================================================
    add a "root-warrior" account
=========================================================
- this user should be able to to anything from remote side

  mysql> use mysql;
  mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y');
  mysql> flush privileges;

1	-------------------------------------------------------------------
2	$Id: howto-mysql-common-tasks.txt,v 1.1 2002/02/14 00:21:11 cvsjoko Exp $
3
4	$Log: howto-mysql-common-tasks.txt,v $
5	Revision 1.1 2002/02/14 00:21:11 cvsjoko
6	+ new
7
8	-------------------------------------------------------------------
9
10
11	=========================================================
12	establish basic safety privileges
13	=========================================================
14
15	- we assume a running mysql-daemon,
16	else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
17	- run mysql-client: [root@host]# mysql (you should be logged in as "root")
18	- select database: mysql> use mysql;
19
20	- deny access for user "root" from the outer space (not localhost)
21	mysql> delete from user where user='root' and host='%';
22	mysql> flush privileges;
23	- assure everything is all right and you will be able to re-login again later ;)
24	mysql> select * from user;
25	--> there should be (as a minimum) an entry like ...
26	--- snip ---
27	\| localhost \| root \| \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \| Y \|
28	--- snip ---
29	... which gives access-rights for user "root" at localhost with no password
30	- test for safety
31	mysql> select * from user;
32	--> there should be no other "root"-entry in the "user"-table then the one established above
33
34
35	=========================================================
36	add new databases and grant access to them for new mysql-user-accounts
37	=========================================================
38
39	- we assume a running mysql-daemon,
40	else start it via "safe_mysqld" or (newer versions) with "mysqld_safe" in the mysql/bin/ - directory
41	- run mysql-client: [root@host]# mysql (you should be logged in as "root")
42
43	- create database
44	mysql> create database <databasename>;
45
46	- add new user
47	mysql> use mysql;
48	mysql> insert into user (host, user, password) values ('localhost', '<username>', password('<password>'));
49
50	- grant access for local usage (e.g. from php- or cgi-scripts)
51	mysql> use mysql;
52	mysql> insert into db values ('localhost', '<databasename>', '<username>', 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y');
53
54	- apply changes to privileges
55	mysql> flush privileges;
56
57	- test access to new database
58	- logout from mysql in "root"-mode
59	- login to mysql-daemon as newly created user using the new database
60	mysql> mysql -u<username> -p<password> <databasename>
61	or leave "<password>" empty for supplying the password invisible ;)
62	- this should work!
63
64	- TODO:
65	- there should be a (perl-)script (perhaps there is already one coming with mysql)
66	to pass "databasename", "username" and "password" to,
67	which should execute the tasks described above non-interactively ;)
68	- note: use regression-checks
69	- don't re-create database
70	- if user already exists, just modify password!!!
71	- don't accept empty arguments!
72	- note: integrate into the gsn-framework (on the long term)
73	- user "service" should be able to access the mysqld-daemon with root-privileges from a remote location
74	in order to be able to absolve all requests seamlessly without any user interaction
75
76
77	=========================================================
78	add a "root-warrior" account
79	=========================================================
80	- this user should be able to to anything from remote side
81
82	mysql> use mysql;
83	mysql> insert into user values ('%', 'patman_warrior', password('pw'), 'Y','Y','Y','Y','Y','Y','N','N','N','N','N','N','N','Y');
84	mysql> flush privileges;
85
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26